You may have heard about the “Heartbleed Bug,” which is a bug in encryption software used by the majority of the web, include many popular websites.
This is a very serious bug that if exploited can expose private information that you have exchanged with secure websites that are vulnerable to this bug. The bug was discovered by a team of security researchers and made public on Monday, April 7th. You can read more details about the bug and how to protect yourself here.
At Lift, we take your security seriously, and here’s what we’ve done to protect you against further exploit of the Heartbleed bug. We have reissued and re-keyed our SSL certificates. Third-party services that Lift relies on have patched their systems against this vulnerability. We have regenerated keys and passwords that we use to communicate with those third-party services.
We recommend that you change your Lift password.
Following best practices, we also suggest that you use a different password for each website or service, and the use of password manager software may help with this.
If you’re using Lift on the web (or on Android), you can go to settings to change your password. Click or tap on your profile icon at the top right corner and choose “Settings” (if you’re logged in, you can get there directly via lift.do/settings). Scroll down and enter your new password in the indicated field to change it. (You don’t need to enter it twice, and you don’t need to enter the old password.) Scroll down and click on “Save settings.”
If you’re using Lift on iOS, tap “Me” in the lower right corner and then tap the gear setting at top right. Scroll down to the “Password” field and enter your new password in the indicated field to change it.
If you have any questions or concerns, please email feedback+security@lift.do.